Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Digital Authoritarianism, Asian Techno-Geopolitics and Technology Fragmentation
1. Charles Mok | Cyber Policy Center, Stanford University | April 3, 2023 | Rikkyo University, Japan
Digital Authoritarianism,
Asian Techno-Geopolitics and
Technology Fragmentation
2. Chinese Digital Authoritarianism
Repressive Practices
• Through technology, operation and laws
• Beyond “GFW” (Great FireWall of China)
• From Censorship (passive) to Total Control (active)
• Fear; Friction; Flooding
• Misinformation strategy
• Starting with total control on infrastructure and backbone
3. Smart City to Massive Surveillance
• Informatization of city management — transportation, public safety,
healthcare, environmental protection….
• Utilizing technologies: IoT, 5G, AI, Big Data, Cloud computing….
• China’s SkyNet project: surveillance camera network with facial recognition
and AI
• BBC reporter John Sudworth (Guiyang, Guizhou Provincel 2017): “caught in 7
minutes”
• Massive deployment in Xinjiang and everywhere
4. Social Credit
• State Council document: “Guidelines of Social Credit System Construction (2014-2020)”:
• The system aims at standardizing assessment for businesses, organizations and individuals,
measuring
fi
nancial, social and political worthiness
• Rather than a single score to limit social activities of movements of individuals, it still focuses
more on business or marketplace behaviors
• The system is still fragmente now, not fully digitized and decisions are largely made by
humans rather than AI
• However, the system is still a
fl
exible tool for rapid and strict enforcement when “necessary”
• Do not under-estimate the acceptance by the average Chinese public — social harmony,
crime prevention, in a “low trust society”
5. Rule by Law
Under the CAC
• Cybersecurity Law (CSL) of 2017, amended/clari
fi
ed in 2021
• Amalgamation of previous Internet censorship laws and unifying control
• Data sovereignty requirements, and state security agencies can seize data
• Critical information infrastructure” subject to national security review over data security, procurement and cross-
border data
fl
ow, etc.
• Should not “invite subversion of national sovereignty, overturn the socialist system, incite separatism, break
national unity, advocate terrorism or extremism. advocate ethnic hatred and discrimination, disseminate violent,
obscene or sexual information, create or disseminate false information to disrupt economic or social order.”
• Other recent major laws: Data Security Law (DSL), Personal Information Protection Law (PIPL).
• Long-arm jurisdiction
• Tech crackdown
6. Exporting Repression
Digital Silk Road
• “Masterplan by Beijing to deploy its “techno-authoritarian model” to Belt and Road
countries (since 2015)
• Dual-use technologies: military and industrial/civilian usages
• Next-generation national
fi
rewall — active surveillance and data analytics
• Thailand (failed attempt in 2015); Cambodia ongoing e
ff
ort (since 2020)
• State
fi
nancing for many African and Asian nations to pay for equipments and projects
from Huawei, ZTE, etc.
• WSJ (2019): Uganda and Zambia’s governments intercepted encrypted communications
and social media messages and used cell locations to track political opponents.
7. China’s Global Data Grab
• 5G and infrastructure providers: Huawei, ZTE, etc.
• US-led sanctions
• Surveillance cameras and facial recognition: Hikvison etc.
• Strong pushbacks from western countries (UK, Australia, etc.)
• Consumer products and services
• Mobile phones by Huawei, Xiaomi, etc.
• AliPay, WeChatPay
• Didi Chuxing
• TikTok
• WeChat
8. Technology Standards
The tech and the process
• Targeted e
ff
orts to achieve growing global in
fl
uence
• Unlimited cooperation between China and Russia
• Huawei as proxy agent to advance China’s proposed standards, such as
“New IP” or “IPv6+”, promoting the idea of strong regulatory binding between
IP address and a user
• Attempts to change the global technical standards decision process:
• From multistakeholderism of IETF, IEEE, IAB, IRTF, W3C to state-led ITU
• 2022 Election of ITU’s Secretary General: USA vs Russia
9. But it’s not just China…
All over Asia
• Misinformation and election interference
• Illegal content especially CSAM (child sexual abuse materials)
• Cybersecurity and ransomware
• Every government wants to be able to remove content they don’t like
• India: IT Regulations
• Singapore: Protection from Online Falsehoods and Manipulation Act (POFMA) and foreign interference law
• Cambodia: National Internet Gateway, etc.
• Philippines: SIM card registration law
• Vietnam, Myanmar, etc.: Cybersecurity law
10. What about Hong Kong?
• NSL (2020)
• Personal Data (Privacy) Law amendments — anti-doxxing
• SIM card registration (from March 2023)
• Crowdfunding regulations consultation
• Misinformation law
• Cybersecurity law
• Article 23 legislation and NSL
11. Western democracies want more control too
• Problematic legislations in the west:
• UK’s Online Safety Bill, US’s EARN-IT Act, etc.
• Also Australia, Canada, EU, etc.
• Threats against end-to-end encryption
• Fixation on war on Big Tech: misguided?
• Losing the moral high ground over autocratic governments
13. The Internet will be fragmented
One world, one Internet no more
• Cyber sovereignty — beginning with data fragmentation
• Data residency laws everywhere
• Infrastructure fragmentation — from undersea cables to space satellites
• Semiconductor supply chain fragmentation
• App/web fragmentation — from GFW to TikTok — both sides now
• AI fragmentation
• Tech standards fragmentation
• Regulatory fragmentation
• Misinformation law, cybersecurity law, real-name registration law (e.g. SIM card rules) — call them by any names
• Both autocracies and democracies
15. Values fragmentation
World Internet Conference — China and friends
• Extension of the Digital Silk
Road
• “Internationalization” of
Internet and “cyberspace”
governance
16. Where do we go from here?
• Internet freedom cannot be taken for granted anywhere anymore
• It’s complicated — no simple solution
• Two battlegrounds, two strategies?
• Autocracies
• Democracies
• How can we strengthen multi-stakeholder participation?
• Empowering civil society and civil defenders
17. Charles Mok
Visiting Scholar, Global Digital Policy
Incubator, Cyber Policy Center, Stanford
University
Trustee, Internet Society
Director, Tech for Good Asia